Hackers now have digital weapons that can take out power grids. Take, for example, the collapse of Ukrainian capital Kiev’s infrastructure last year. That was an attack using aggressive and adaptable malware. But what’s worse? The code is written to be modular. Hackers can slot bits in and out as needed without much trouble. What does that mean? Well… the internet’s a lot less safe than it used to be.

The malware was named “Crash Override,” a clear nod to one of the best cyberpunk films of all time. WIRED claims that the bug is “the most evolved specimen of grid-sabotaging malware ever observed in the world.” It’s extremely sophisticated, and researchers claim that when it was used to bring down Kiev, that was just a show of force.

ESET and Dragos — two security firms based in Slovakia and the US, respectively — have been dissecting Crash Override, and it isn’t pretty.

“The malware is really easy to re-purpose and use against other targets. That is definitely alarming,” ESET malware researcher Robert Lipovsky told Reuters. “This could cause wide-scale damage to infrastructure systems that are vital.”

The real threat this poses comes from the fact that it can be modified with virtually no effort, and a good chunk of the process is entirely automatic. So an attack in Kiev could well be a dry run against London or even the whole of the US. It’s enough that utilities and the US Department of Homeland Security have started looking for answers and solutions — but something like this can be pretty tough to defend against. What’s worse? The attack comes straight from the United States’ own playbook.

For those unfamiliar with the world of cyber security, the US has actually pulled some of the world’s most aggressive cyber attacks. One of the most brutal was Stuxnet — a highly advanced worm that was designed to operate autonomously. Like something from a spy thriller, as soon as Stuxnet hit its targets, it spread rapidly. Its target? Iranian industrial systems that manage the country’s nuclear fuel enrichment program.

While the US never officially claimed responsibility, it’s widely assumed in the security community to have been a joint project between Washington and Israel to delay Iran’s ability to produce nuclear weapons.

This time, the going assumption is that Russia’s behind it. While the former USSR might seem like the scapegoat du jour in the security world, that’s largely a matter of investment. Russian officials have invested heavily in developing their cyber warfare programs (pretty decent tactic if you ask me, it’d get you pretty far in a game of Civilization).

“There is a global cyber war of Russia against [the] whole world,” Ukraine’s president, Petro Poroshenko, told Reuters. “This is a global danger, and the world should be together to fight this danger.”

Given how much of our lives is critically dependent upon access to power, it’s small wonder that a country might develop this kind of weapon — it gives you an incredible amount of leverage. Even if a city can adapt pretty quickly (and many can), researchers say that Crash Override may be able to bring cities down for days. We’re talking traffic problems, loss of power to city water pumps and hospitals, tens of millions in spoiled food, not to mention the direct economic damage to so many businesses being unable to operate.

That this software exists at all is a bit disturbing, but in an era of rising global tensions, it’s certain that whoever’s holding these keys has a powerful weapon indeed. Y’know… it’s a good thing Gandhi’s not still around. I have a feeling he’d make this all worse somehow (ba-dum-tss).